provisioning/schemas/platform/defaults/common/security-defaults.ncl


# Security Default Values
# Common defaults for authentication, RBAC, encryption, MFA, rate limiting,
# sessions, TLS and CORS. The record is checked against the SecurityConfig
# contract imported from ../../schemas/common/security.ncl.
#
# Every feature toggle in this file (field encryption, RBAC, MFA, rate
# limiting, session tracking, TLS, CORS) defaults to off, so a deployment
# that applies these values unchanged runs with those controls disabled.
# NOTE(review): no field here carries a `| default` priority annotation;
# confirm how deployments are expected to override these values, since
# merging a conflicting value of equal priority fails in Nickel.
let security_schema = import "../../schemas/common/security.ncl" in
{
security | security_schema.SecurityConfig = {
# JWT Configuration
# NOTE(review): units of expiration / refresh_expiration are not stated
# here; presumably seconds (1 hour / 24 hours) - confirm against the schema.
jwt = {
issuer = "provisioning-system",
audience = "provisioning-api",
expiration = 3600,
refresh_expiration = 86400,
# HS256 is HMAC-SHA256: signer and every verifier share one secret.
# The secret itself is not defined in this file.
algorithm = "HS256",
},
# Encryption Configuration
encryption = {
# NOTE(review): "&" does not look like a backend name; it may be a
# placeholder or a templating/extraction artefact. Confirm which KMS
# backend this resolves to and whether the schema accepts the value.
kms_backend = "&",
# Field-level encryption is off by default.
enable_field_encryption = false,
},
# RBAC Configuration
# RBAC is off by default. Presumably inheritance and default_role only
# take effect once enabled is set to true - confirm against the consumer.
rbac = {
enabled = false,
inheritance = true,
default_role = "user",
},
# MFA Configuration
# MFA is not required by default.
# NOTE(review): the unit of lockout_duration is not stated here
# (minutes?) - confirm against the schema.
mfa = {
required = false,
max_attempts = 3,
lockout_duration = 15,
},
# Rate Limiting
# Rate limiting is off by default; the values below describe 1000 requests
# per 60-second window. lockout_duration has no unit stated here - confirm.
rate_limiting = {
enabled = false,
max_requests = 1000,
window_seconds = 60,
lockout_duration = 15,
},
# Session Configuration
# max_duration equals jwt.refresh_expiration (86400) and idle_timeout
# equals jwt.expiration (3600); units presumably seconds - confirm.
session = {
max_duration = 86400,
idle_timeout = 3600,
tracking = false,
},
# TLS Configuration
# TLS and client-certificate authentication are both off by default.
# NOTE(review): with TLS disabled, tokens and credentials are only
# protected in transit if something in front of the service terminates
# TLS - confirm this is overridden for non-local deployments.
tls = {
enabled = false,
client_auth = false,
},
# CORS Configuration
# CORS is off by default. The only listed origin is a plain-http localhost
# address, which suits local development; credentialed cross-origin
# requests are not allowed.
cors = {
enabled = false,
allow_credentials = false,
allowed_origins = ["http://localhost:3000"],
allowed_methods = ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
allowed_headers = ["Content-Type", "Authorization"],
},
},
}